CEH-001 Online Practice Questions and Answers

You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

What is the hexadecimal value of NOP instruction?

A. 0x60

B. 0x80

C. 0x70

D. 0x90

Which of the following is a protocol that is prone to a man-in-the-middle (MITM) attack and maps a 32-bit address to a 48-bit address?

A. ICPM

B. ARP

C. RARP

D. ICMP

Which type of scan is used on the eye to measure the layer of blood vessels?

A. Facial recognition scan

B. Retinal scan

C. Iris scan

D. Signature kinetics scan

A distributed port scan operates by:

A. Blocking access to the scanning clients by the targeted host

B. Using denial-of-service software against a range of TCP ports

C. Blocking access to the targeted host by each of the distributed scanning clients

D. Having multiple computers each scan a small number of ports, then correlating the results

A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems. However, he is unable to capture any logons though he knows that other users are logging in.

What do you think is the most likely reason behind this?

A. There is a NIDS present on that segment.

B. Kerberos is preventing it.

C. Windows logons cannot be sniffed.

D. L0phtcrack only sniffs logons to web servers.

When discussing passwords, what is considered a brute force attack?

A. You attempt every single possibility until you exhaust all possible combinations or discover the password

B. You threaten to use the rubber hose on someone unless they reveal their password

C. You load a dictionary of words into your cracking program

D. You create hashes of a large number of words and compare it with the encrypted passwords

E. You wait until the password expires

Password cracking programs reverse the hashing process to recover passwords.(True/False.

A. True

B. False

When working with Windows systems, what is the RID of the true administrator account?

A. 500

B. 501

C. 1000

D. 1001

E. 1024

F. 512

Say that "abigcompany.com" had a security vulnerability in the javascript on their website in the past. They recently fixed the security vulnerability, but it had been there for many months. Is there some way to 4go back and see the code for that error?

Select the best answer.

A. archive.org

B. There is no way to get the changed webpage unless you contact someone at the company

C. Usenet

D. Javascript would not be in their html so a service like usenet or archive wouldn't help you

Jackson discovers that the wireless AP transmits 128 bytes of plaintext, and the station responds by encrypting the plaintext. It then transmits the resulting ciphertext using the same key and cipher that are used by WEP to encrypt subsequent network traffic. What authentication mechanism is being followed here?

A. no authentication

B. single key authentication

C. shared key authentication

D. open system authentication